On Fri, Dec 29, 2017 at 12:08:25PM +0100, Ahmed Abdelsalam wrote:
> This patch adds a new exetension to iptables to supprt 'srh' match
> The implementation considers revision 7 of the SRH draft.
> https://tools.ietf.org/html/draft-ietf-6man-segment-routing-header-07
>
> Signed-off-by: Ahmed Abdels
On Sun, Jan 07, 2018 at 07:22:02PM +0100, Ahmed Abdelsalam wrote:
> It allows matching packets based on Segment Routing Header
> (SRH) information.
> The implementation considers revision 7 of the SRH draft.
> https://tools.ietf.org/html/draft-ietf-6man-segment-routing-header-07
>
> Currently supp
On Mon, Jan 08, 2018 at 02:45:16PM +0100, Ahmed AbdelSalam wrote:
>
> > On 8 Jan 2018, at 14:37, Pablo Neira Ayuso wrote:
> >
> > On Sun, Jan 07, 2018 at 07:22:02PM +0100, Ahmed Abdelsalam wrote:
> >> It allows matching packets based on Segment Routing Header
&g
On Sun, Jan 07, 2018 at 07:22:02PM +0100, Ahmed Abdelsalam wrote:
> It allows matching packets based on Segment Routing Header
> (SRH) information.
> The implementation considers revision 7 of the SRH draft.
> https://tools.ietf.org/html/draft-ietf-6man-segment-routing-header-07
>
> Currently supp
Hi Ahmed,
On Fri, Dec 29, 2017 at 12:07:52PM +0100, Ahmed Abdelsalam wrote:
> It allows matching packets based on Segment Routing Header
> (SRH) information.
> The implementation considers revision 7 of the SRH draft.
> https://tools.ietf.org/html/draft-ietf-6man-segment-routing-header-07
>
> Cur
On Thu, Dec 28, 2017 at 09:48:54AM +0100, Dmitry Vyukov wrote:
> syzkaller triggered OOM kills by passing ipt_replace.size = -1
> to IPT_SO_SET_REPLACE. The root cause is that SMP_ALIGN() in
> xt_alloc_table_info() causes int overflow and the size check passes
> when it should not. SMP_ALIGN() is n
Hi Stephen,
On Tue, Jan 02, 2018 at 12:14:51PM +1100, Stephen Rothwell wrote:
> Hi all,
>
> After merging the netfilter-next tree, today's linux-next build (arm
> multi_v7_defconfig) produced this warning:
>
> In file included from net/ipv6/af_inet6.c:45:0:
> include/linux/netfilter_ipv6.h:38:51
On Tue, Jan 02, 2018 at 11:16:23AM +0100, Arnd Bergmann wrote:
> The newly added callback pointers cause a warning for some configurations:
>
> In file included from net/ipv6/af_inet6.c:45:0:
> include/linux/netfilter_ipv6.h:38:51: error: 'struct nf_queue_entry' declared
> inside parameter list w
On Mon, Dec 11, 2017 at 10:18:05AM +0100, Florian Westphal wrote:
> Colin King wrote:
> > From: Colin Ian King
> >
> > The structure nf_conntrack_l4proto_gre4 is local to the source and does
> > not need to be in global scope, so make it static.
>
> This bug was added in
> commit b9679a9fd3a7d
On Mon, Dec 11, 2017 at 10:09:46PM +0530, Pravin Shedge wrote:
> These duplicate includes have been found with scripts/checkincludes.pl but
> they have been removed manually to avoid removing false positives.
>
> Signed-off-by: Pravin Shedge
For the Netfilter chunk.
Acked-by: Pablo
On Thu, Dec 07, 2017 at 02:26:09PM +0100, Arnd Bergmann wrote:
> The added check produces a build error when CONFIG_PROC_FS is
> disabled:
>
> net/ipv4/netfilter/ipt_CLUSTERIP.c: In function 'clusterip_net_exit':
> net/ipv4/netfilter/ipt_CLUSTERIP.c:822:28: error: 'cn' undeclared (first use
> in
Hi Linus,
On Mon, Dec 04, 2017 at 05:53:35AM +0100, Linus Lüssing wrote:
> Hi Pablo,
>
> Thanks for your reply!
>
> On Tue, Nov 28, 2017 at 12:30:08AM +0100, Pablo Neira Ayuso wrote:
> > [...]
> > > diff --git a/net/bridge/netfilter/ebt_limit.c
> >
On Tue, Dec 05, 2017 at 03:42:41PM -0800, Kevin Cernekee wrote:
> The capability check in nfnetlink_rcv() verifies that the caller
> has CAP_NET_ADMIN in the namespace that "owns" the netlink socket.
> However, xt_osf_fingers is shared by all net namespaces on the
> system. An unprivileged user ca
On Sun, Dec 03, 2017 at 12:12:45PM -0800, Kevin Cernekee wrote:
> The capability check in nfnetlink_rcv() verifies that the caller
> has CAP_NET_ADMIN in the namespace that "owns" the netlink socket.
> However, nfnl_cthelper_list is shared by all net namespaces on the
> system.
Right, we need per-
On Mon, Dec 04, 2017 at 06:20:06AM +0100, Linus Lüssing wrote:
> On Mon, Dec 04, 2017 at 05:53:35AM +0100, Linus Lüssing wrote:
> > And so, no I do not have this patch. I looked at it now, but it
> > does not seem to have any relation with .matchinfo, does it?
>
> Relation between .usersize and .c
Hi Linus,
On Sat, Nov 25, 2017 at 08:44:18AM +0100, Linus Lüssing wrote:
> So far any changes with ebtables will reset the state of limit rules,
> leading to spikes in traffic. This is especially noticeable if changes
> are done frequently, for instance via a daemon.
>
> This patch fixes this by
On Thu, Nov 16, 2017 at 09:46:17AM +1100, Stephen Rothwell wrote:
> Hi Pablo,
>
> On Thu, 9 Nov 2017 00:40:14 +0100 Pablo Neira Ayuso
> wrote:
> >
> > On Wed, Nov 08, 2017 at 07:00:52PM +1100, Stephen Rothwell wrote:
> > >
> > > On Tue, 7 Nov 2017 11:
Hi again,
Cc'ing Sebastian Gottschall too.
See below for details. Thanks.
On Tue, Nov 14, 2017 at 04:54:10PM +0100, Pablo Neira Ayuso wrote:
> Hi Greg,
>
> Please, hold on a bit with this revert patch entitled:
>
> nat: Revert "netfilter: nat: convert nat
the to-be-deleted object is part of the table and that
> requires a list walk that we want to avoid.
>
> Furthermore, using hlist_node increases size of struct rhlist_head, which
> in turn increases nf_conn size.
>
> Link: https://bugzilla.kernel.org/show_bug.cgi?i
On Mon, Nov 13, 2017 at 08:59:50AM +0100, Simon Horman wrote:
> On Tue, Nov 07, 2017 at 08:19:29AM -0600, Gustavo A. R. Silva wrote:
> > In preparation to enabling -Wimplicit-fallthrough, mark switch cases
> > where we are expecting to fall through.
> >
> > Addresses-Coverity-ID: 1128839
> > Addre
On Tue, Nov 07, 2017 at 10:08:01AM +, Colin King wrote:
> From: Colin Ian King
>
> The assignment to variable e is redundant since the same assignment
> occurs just a few lines later, hence it can be removed. Cleans up
> clang warning for arp_tables, ip_tables and ip6_tables:
Applied, thank
On Tue, Nov 07, 2017 at 03:11:51PM +0100, Arnd Bergmann wrote:
> This function is no longer marked 'inline', so we now get a warning
> when it is unused:
>
> net/netfilter/nf_conntrack_netlink.c:536:15: error: 'ctnetlink_proto_size'
> defined but not used [-Werror=unused-function]
>
> We could m
On Wed, Nov 08, 2017 at 07:00:52PM +1100, Stephen Rothwell wrote:
> Hi Dave,
>
> On Tue, 7 Nov 2017 11:02:48 +1100 Stephen Rothwell
> wrote:
> >
> > Hi all,
> >
> > After merging the netfilter-next tree, today's linux-next build (powerpc
> > ppc64_defconfig) produced this warning:
> >
> > net/
Hi Gustavo,
On Thu, Oct 19, 2017 at 09:06:16AM -0500, Gustavo A. R. Silva wrote:
> diff --git a/net/netfilter/ipset/ip_set_core.c
> b/net/netfilter/ipset/ip_set_core.c
> index cf84f7b..72f654a 100644
> --- a/net/netfilter/ipset/ip_set_core.c
> +++ b/net/netfilter/ipset/ip_set_core.c
> @@ -1386,7
On Sun, Oct 15, 2017 at 05:11:28PM +0300, Julian Anastasov wrote:
> On Sun, 15 Oct 2017, KUWAZAWA Takuya wrote:
>
> > Information about ipvs in different network namespace can be seen via
> > procfs.
> >
> > How to reproduce:
> >
> > # ip netns add ns01
> > # ip netns add ns02
> > # ip ne
On Mon, Oct 16, 2017 at 11:24:02AM +0100, Colin King wrote:
> From: Colin Ian King
>
> buf is initialized to buf_start and then set on the next statement
> to buf_start + offsets[i]. Clean this up to just initialize buf
> to buf_start + offsets[i] to clean up the clang build warning:
> "Value st
On Mon, Oct 09, 2017 at 07:52:24AM +0200, Simon Horman wrote:
> On Wed, Sep 06, 2017 at 10:28:00PM +0200, Helge Deller wrote:
> > The debug and error printk functions in ipvs uses wrongly the %pF instead of
> > the %pS printk format specifier for printing symbols for the address
> > returned
> > b
On Tue, Oct 17, 2017 at 01:02:00PM +0100, Colin King wrote:
> From: Colin Ian King
>
> The assignment to variable e is redundant since the same assignment
> occurs just a few lines later, hence it can be removed. Cleans up
> clang warning: warning: Value stored to 'e' is never read
Seems like n
On Fri, Oct 13, 2017 at 04:23:57AM +0530, Harsha Sharma wrote:
> Remove typedef from struct as linux-kernel coding style tends to
> avoid using typedefs.
> Done using following coccinelle semantic patch
Applied, thanks Harsha.
On Thu, Oct 05, 2017 at 01:01:09PM +0530, Harsha Sharma wrote:
> Add configure with lixtables in INSTALL and required dependencies for
> the same
Applied, thanks.
I have mangled this a bit.
Applying: INSTALL: Update dependency list and configure with libxtables support
patch:29: space before tab
On Thu, Oct 05, 2017 at 01:13:47PM +0530, Harsha Sharma wrote:
> Update shell/run-tests.sh to refer /src/nft with a relative path
Applied, thanks Harsha.
On Mon, Oct 02, 2017 at 01:02:50PM +0530, Harsha Sharma wrote:
> static const char * array should probably be static const char * const
> array
> as per linux-kernel coding style
>
> Signed-off-by: Harsha Sharma
> ---
> src/evaluate.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
On Wed, Sep 27, 2017 at 05:14:52PM +0530, Harsha Sharma wrote:
> The struct of type option is only used to initialise a field inside
> the xtables_globals struct and is not modified anywhere.
> Done using following coccinelle semantic patch
Applied, thanks.
On Wed, Sep 20, 2017 at 12:31:28PM +0530, Arvind Yadav wrote:
> Free memory region, if nf_tables_set_alloc_name is not successful.
Applied, thanks.
I have added this tag to this patch:
Fixes: 387454901bd6 ("netfilter: nf_tables: Allow set names of up to 255 chars")
Hi Harsha,
On Mon, Oct 02, 2017 at 02:07:00AM +0530, Harsha Sharma wrote:
> Add support for IPV6 type 0 routing header reserved field and address
> unable to test it with nft-test.py
It seems you didn't test this patch.
# python nft-test.py ip6/rt.t
/home/pablo/devel/scm/git-netfilter/nftables/
On Tue, Sep 26, 2017 at 06:35:45PM +0200, Artem Savkov wrote:
> It is possible for ebt_in_hook to be triggered before ebt_table is assigned
> resulting in a NULL-pointer dereference. Make sure hooks are
> registered as the last step.
Applied, thanks.
On Sun, Sep 10, 2017 at 01:41:41PM +0200, Geert Uytterhoeven wrote:
> If no spinlock debugging options (CONFIG_GENERIC_LOCKBREAK,
> CONFIG_DEBUG_SPINLOCK, CONFIG_DEBUG_LOCK_ALLOC) are enabled on a UP
> platform (e.g. m68k defconfig), arch_spinlock_t is an empty struct,
> hence using ARRAY_SIZE(nf_n
On Fri, Sep 08, 2017 at 01:46:30PM +0200, Pablo Neira Ayuso wrote:
> On Wed, Aug 30, 2017 at 05:18:04PM +0530, Arvind Yadav wrote:
> > rhashtable_params are not supposed to change at runtime. All
> > Functions rhashtable_* working with const rhashtable_params
> > provided
On Fri, Sep 08, 2017 at 01:38:58AM -0400, Vishwanath Pai wrote:
> 64bit division causes build/link errors on 32bit architectures. It
> prints out error messages like:
>
> ERROR: "__aeabi_uldivmod" [net/netfilter/xt_hashlimit.ko] undefined!
>
> The value of avg passed through by userspace in BYTE
On Fri, Sep 08, 2017 at 11:00:16AM +0800, zhizhou.t...@gmail.com wrote:
> From: Zhizhou Tian
>
> struct xt_byteslimit_htable used hlist_head,
> but alloc memory with sizeof(struct list_head)
Applied, thanks.
For the record, I have mangled the patch titled to:
netfilter: xt_hashlimit: a
On Wed, Aug 30, 2017 at 05:18:04PM +0530, Arvind Yadav wrote:
> rhashtable_params are not supposed to change at runtime. All
> Functions rhashtable_* working with const rhashtable_params
> provided by . So mark the non-const structs
> as const.
Applied to nf, thanks.
On Wed, Sep 06, 2017 at 10:48:22PM +0200, Arnd Bergmann wrote:
> On Wed, Sep 6, 2017 at 10:22 PM, Vishwanath Pai wrote:
> > On 09/06/2017 03:57 PM, Arnd Bergmann wrote:
> >> 64-bit division is expensive on 32-bit architectures, and
> >> requires a special function call to avoid a link error like:
On Tue, Aug 15, 2017 at 10:50:34AM +0100, Colin King wrote:
> From: Colin Ian King
>
> The returns on some if statements are not indented correctly,
> add in the missing tab.
Applied, thanks.
On Mon, Aug 14, 2017 at 10:36:03AM -0700, Nick Desaulniers wrote:
> Minor nit for the commit message that can get fixed up when being merged:
>
> On Fri, Aug 11, 2017 at 11:16 AM, Nick Desaulniers
> wrote:
>
> > if (x)
> > return
> > ...
> >
> > rather than:
> >
> > if (!x == 0)
>
> should re
On Mon, Aug 07, 2017 at 09:44:26PM +0800, Geliang Tang wrote:
> Use audit_log() instead of open-coding it.
As said, collapsed into 'netfilter: ebtables: use audit_log()', just
for the record.
On Mon, Aug 07, 2017 at 09:44:25PM +0800, Geliang Tang wrote:
> Use audit_log() instead of open-coding it.
Applied, thanks.
BTW, I have collapse your xtables change to this patch too. part of
the same logical change. Hint: If you see yourself writing exactly the
same description for each patch y
Hi Nick,
On Mon, Jul 31, 2017 at 11:39:49AM -0700, Nick Desaulniers wrote:
> Clang produces the following warning:
[...]
> Also, it's even cleaner to use the form:
>
> if (x)
>
> but then if the return codes change from treating 0 as success (unlikely),
> then all call sites must be updated.
>
On Tue, Aug 01, 2017 at 12:48:03PM +0200, Julia Lawall wrote:
> The nf_loginfo structures are only passed as the seventh argument to
> nf_log_trace, which is declared as const or stored in a local const
> variable. Thus the nf_loginfo structures themselves can be const.
>
> Done with the help of
On Tue, Aug 01, 2017 at 12:25:01PM +0200, Julia Lawall wrote:
> When a nf_conntrack_l3/4proto parameter is not on the left hand side
> of an assignment, its address is not taken, and it is not passed to a
> function that may modify its fields, then it can be declared as const.
>
> This change is u
; allocation.
>
> Fixes: 459aa660eb1d ("gtp: add initial driver for datapath of GPRS Tunneling
> Protocol (GTP-U)")
> Signed-off-by: Florian Fainelli
Acked-by: Pablo Neira Ayuso
Thanks!
Hi Julia,
On Sun, Jul 30, 2017 at 09:38:44PM +0200, Julia Lawall wrote:
> When a nf_conntrack_l3/4proto parameter is not on the left hand side
> of an assignment, its address is not taken, and it is not passed to a
> function that may modify its fields, then it can be declared as const.
>
> This
On Thu, Jul 20, 2017 at 02:13:00PM -0400, Aaron Conole wrote:
> The prefixlen maps used here are identical, and have been since
> introduction. It seems to make sense to use a single large map,
> that the preprocessor will fill appropriately.
Applied, thanks.
Hi Jiri,
On Mon, Jul 17, 2017 at 05:06:48PM +0200, Jiri Slaby wrote:
> Commit ec0e3f01114a ("netfilter: nf_ct_expect: Add
> nf_ct_remove_expect()") introduced a helper nf_ct_remove_expect. It was
> used over the code, but one location used a wrong variable and it
> resulted in a crash in this call
On Thu, Jun 29, 2017 at 06:22:40PM +0200, Pablo Neira Ayuso wrote:
> On Tue, Jun 27, 2017 at 07:05:27PM +0200, Pablo Neira Ayuso wrote:
> > On Tue, Jun 27, 2017 at 05:58:25PM +0200, Pablo Neira Ayuso wrote:
> > > On Wed, Jun 07, 2017 at 03:50:38PM +0200, Mateusz Jurczyk wrote:
&
On Fri, Jun 30, 2017 at 10:23:24PM +0200, Richard Weinberger wrote:
> Florian,
>
> Am 30.06.2017 um 21:55 schrieb Florian Westphal:
> >>> Why not use a hash of the address?
> >>
> >> Would also work. Or xor it with a random number.
> >>
> >> On the other hand, for user space it would be more usefu
On Fri, Jun 09, 2017 at 12:37:47PM +0800, Haishuang Yan wrote:
> When cda[CTA_TIMEOUT] is zero, ctnetlink_new_conntrack will
> free allocated ct and return, so move it to outside to optimize
> this situation.
>
> Signed-off-by: Haishuang Yan
> ---
> net/netfilter/nf_conntrack_netlink.c | 5 +
Hi,
On Wed, Jun 14, 2017 at 04:11:23PM +0800, Haishuang Yan wrote:
> In our openstack environment, slow dns lookup for hostname when
> parallel dns requests for IPv4 and IPv6 addresses from VM, the
> second IPv6 request( record) is dropped on its way in compute
> node.
>
> We found many simil
On Tue, Jun 27, 2017 at 07:05:27PM +0200, Pablo Neira Ayuso wrote:
> On Tue, Jun 27, 2017 at 05:58:25PM +0200, Pablo Neira Ayuso wrote:
> > On Wed, Jun 07, 2017 at 03:50:38PM +0200, Mateusz Jurczyk wrote:
> > > Verify that the length of the socket buffer is sufficient to cover
On Tue, Jun 27, 2017 at 05:58:25PM +0200, Pablo Neira Ayuso wrote:
> On Wed, Jun 07, 2017 at 03:50:38PM +0200, Mateusz Jurczyk wrote:
> > Verify that the length of the socket buffer is sufficient to cover the
> > nlmsghdr structure before accessing the nlh->nlmsg_len field for
On Wed, Jun 07, 2017 at 03:50:38PM +0200, Mateusz Jurczyk wrote:
> Verify that the length of the socket buffer is sufficient to cover the
> nlmsghdr structure before accessing the nlh->nlmsg_len field for further
> input sanitization. If the client only supplies 1-3 bytes of data in
> sk_buff, then
On Mon, Jun 26, 2017 at 06:53:09PM +0200, Florian Westphal wrote:
> Lin Zhang wrote:
> > In the current conntrack extend code, if we want to add a new
> > extension, we must be add a new extension id and recompile kernel.
> > I think that is not be convenient for users, so i add a new extension
On Mon, Jun 26, 2017 at 02:10:46PM +0800, Lin Zhang wrote:
> In the current conntrack extend code, if we want to add a new
> extension, we must be add a new extension id and recompile kernel.
Yes, this is designed in this way on purpose.
Because we do not want to endorse proliferation of out-of
On Fri, May 12, 2017 at 01:11:06PM +0800, linzhang wrote:
> This patch cleans up extra spaces.
Applied.
On Tue, May 23, 2017 at 06:18:37PM -0500, Gustavo A. R. Silva wrote:
> Add null check to avoid a potential null pointer dereference.
>
> Addresses-Coverity-ID: 1408831
> Signed-off-by: Gustavo A. R. Silva
Acked-by: Pablo Neira Ayuso
This is a fix for the net.git tree BTW.
Fix this by forcing inlining of total_extension_size().
> >
> > Fixes: b3a5db109e0670d6 ("netfilter: conntrack: use u8 for extension sizes
> > again")
> > Signed-off-by: Geert Uytterhoeven
>
> Pablo, I'm going to apply this directly to my tree to fix this build
> failure, I hope you don't mind.
Acked-by: Pablo Neira Ayuso
On Mon, May 01, 2017 at 11:07:30AM -0700, Matthias Kaehlcke wrote:
> El Wed, Apr 19, 2017 at 11:39:20AM -0700 Matthias Kaehlcke ha dit:
>
> > Not all parameters passed to ctnetlink_parse_tuple() and
> > ctnetlink_exp_dump_tuple() match the enum type in the signatures of these
> > functions. Since
On Wed, Apr 19, 2017 at 09:47:33PM +0200, Linus Lüssing wrote:
> When trying to redirect bridged frames to the bridge device itself or
> a bridge port (brouting) via the dnat target then this currently fails:
>
> The ethernet destination of the frame is dnat'ed to the MAC address of
> the bridge d
On Fri, Apr 14, 2017 at 04:15:41PM +0200, Jozsef Kadlecsik wrote:
> Hi Pablo,
>
> On Fri, 14 Apr 2017, Pablo Neira Ayuso wrote:
>
> > On Mon, Apr 10, 2017 at 03:52:37PM -0400, Aaron Conole wrote:
> > > There are no in-tree callers.
> >
> > @Jozsef, let me
On Mon, Apr 10, 2017 at 03:50:44PM -0400, Aaron Conole wrote:
> There are no in-tree callers of this function and it isn't exported.
Simon, let me know if you want to take this, or just add your
Signed-off-by.
Thanks!
> Signed-off-by: Aaron Conole
> ---
> include/net/ip_vs.h | 2
On Mon, Apr 10, 2017 at 03:52:37PM -0400, Aaron Conole wrote:
> There are no in-tree callers.
@Jozsef, let me know if I should just take this to save you a pull
request.
Thanks.
> Signed-off-by: Aaron Conole
> ---
> net/netfilter/ipset/ip_set_core.c | 8
> 1 file changed, 8 deletions(
On Wed, Apr 12, 2017 at 04:32:54PM -0400, Aaron Conole wrote:
> The protonet pointer will unconditionally be rewritten, so just do the
> needed assignment first.
Also applied, thanks.
Applied, thanks.
Arushi,
On Sun, Apr 09, 2017 at 06:21:51AM +0800, kbuild test robot wrote:
> Hi Arushi,
>
> [auto build test WARNING on ipvs-next/master]
> [also build test WARNING on v4.11-rc5 next-20170407]
> [if your patch is applied to the wrong git tree, please drop us a note to
> help improve the system]
On Sun, Apr 09, 2017 at 09:12:18AM +0530, Arushi Singhal wrote:
> On Sun, Apr 9, 2017 at 1:44 AM, Pablo Neira Ayuso
> wrote:
>
> > On Sat, Apr 08, 2017 at 08:21:56PM +0200, Jan Engelhardt wrote:
> > > On Saturday 2017-04-08 19:21, Arushi Singhal wrote:
> >
On Sat, Apr 08, 2017 at 08:21:56PM +0200, Jan Engelhardt wrote:
> On Saturday 2017-04-08 19:21, Arushi Singhal wrote:
>
> >Replace explicit NULL comparison with ! operator to simplify code.
>
> I still wouldn't do this, for the same reason as before. Comparing to
> NULL explicitly more or less g
On Sat, Apr 08, 2017 at 09:19:30PM +0530, Arushi Singhal wrote:
> This comments are obsolete and should go, as there are no set of rules per
> CPU anymore.
Applied, thanks.
On Wed, Mar 29, 2017 at 02:32:43PM +0530, Arushi Singhal wrote:
> Removed parentheses on the right hand side of assignment, as they are
> not required. The following coccinelle script was used to fix this
> issue:
>
> @@
> local idexpression id;
> expression e;
> @@
>
> id =
> -(
> e
> -)
You se
On Sun, Apr 02, 2017 at 02:52:12PM +0530, Arushi Singhal wrote:
> Remove & from function pointers to conform to the style found elsewhere
> in the file. Done using the following semantic patch
>
> //
> @r@
> identifier f;
> @@
>
> f(...) { ... }
> @@
> identifier r.f;
> @@
>
> - &f
> + f
> //
On Wed, Mar 29, 2017 at 02:09:43PM +0530, Arushi Singhal wrote:
> Fix checkpatch warnings:
> WARNING: Block comments use a trailing */ on a separate line
> WARNING: Block comments use * on subsequent lines
>
> Signed-off-by: Arushi Singhal
> ---
> net/ipv6/netfilter/ip6_tables.c | 16 ---
On Wed, Mar 29, 2017 at 11:15:40AM +0530, simran singhal wrote:
> This patch replace list_entry with list_prev_entry as it makes the
> code more clear to read.
Also applied, thanks.
On Wed, Mar 29, 2017 at 03:25:17AM +0530, simran singhal wrote:
> For string without format specifiers, use seq_puts(). For
> seq_printf("\n"), use seq_putc('\n').
Applied, thanks.
On Wed, Mar 29, 2017 at 12:35:16AM +0530, simran singhal wrote:
> The following Coccinelle script was used to detect this:
> @r@
> expression x;
> void* e;
> type T;
> identifier f;
> @@
> (
> *((T *)e)
> |
> ((T *)x)[...]
> |
> ((T*)x)->f
> |
>
> - (T*)
> e
> )
>
> Unnecessary paranthese
On Sat, Apr 01, 2017 at 07:06:33PM +0530, simran singhal wrote:
> The function nf_nat_need_gre() on being called, simply returns
> back. The function doesn't have FIXME code around.
> Hence, nf_nat_need_gre() and its calls have been removed.
>
> Signed-off-by: simran singhal
> ---
> net/ipv4/net
On Tue, Mar 28, 2017 at 11:54:13PM +0530, Arushi Singhal wrote:
> This patch removes typedefs from struct and renames it from "typedef struct
> bitstr_t" to "struct bitstr" as per kernel coding standards."
>
> Signed-off-by: Arushi Singhal
> ---
> net/netfilter/nf_conntrack_h323_asn1.c | 80
> +
uct nlattr *nest_parms;
> unsigned int flags = portid ? NLM_F_MULTI : 0, event;
>
> - event = NFNL_SUBSYS_CTNETLINK << 8 | IPCTNL_MSG_CT_NEW;
I can find many more spots to be replaced via:
git grep NFNL_SUBSYS_ net/netfilter/
Patch attached.
>From 1f03a770eb
Hi Arushi,
On Tue, Mar 28, 2017 at 04:03:27AM +0530, Arushi Singhal wrote:
> This patch removes multiple assignments to follow the kernel coding
> style as also reported by checkpatch.pl.
> Done using coccinelle.
> @@
> identifier i1,i2;
> constant c;
> @@
> - i1=i2=c;
> + i1=c;
> + i2=i1;
I see
On Sat, Mar 25, 2017 at 05:57:55PM +0530, Arushi Singhal wrote:
> This patch removes typedefs from struct and renames it from "typedef struct
> field_t" to "struct field" as per kernel coding standards."
>
> Signed-off-by: Arushi Singhal
> ---
> net/netfilter/nf_conntrack_h323_asn1.c | 68
> +++
On Tue, Apr 04, 2017 at 01:41:11PM -0400, Simon Horman wrote:
> On Wed, Mar 29, 2017 at 03:45:01PM +0530, Arushi Singhal wrote:
> > Replace explicit NULL comparison with ! operator to simplify code.
> >
> > Signed-off-by: Arushi Singhal
> > ---
> > net/netfilter/ipvs/ip_vs_ctl.c | 8 ++-
On Thu, Mar 30, 2017 at 07:38:08PM +0530, Arushi Singhal wrote:
> On Thu, Mar 30, 2017 at 6:25 PM, Simon Horman wrote:
>
> > On Wed, Mar 29, 2017 at 08:27:52PM +0530, Arushi Singhal wrote:
> > > This patch uses the following coccinelle script to remove
> > > a variable that was simply used to sto
On Tue, Mar 28, 2017 at 06:30:56PM +0530, Arushi Singhal wrote:
> To remove complexity of code the function is added in nfnetlink.h
> to make code more clear and readable.
Patch looks good, you can also use this new function from other
_fill_info() functions in the netfilter code, eg.
nfn
On Tue, Mar 21, 2017 at 05:49:52PM +0530, simran singhal wrote:
> This patch series remove unnecessary cast on void pointer.
>
> simran singhal (2):
> netfilter: ipset: Remove unnecessary cast on void pointer
> netfilter: Remove unnecessary cast on void pointer
Please, merge this two patches
On Mon, Mar 27, 2017 at 05:48:41PM +0530, Arushi Singhal wrote:
> On Mon, Mar 27, 2017 at 5:38 PM, Pablo Neira Ayuso
> wrote:
>
> > On Sat, Mar 25, 2017 at 06:19:47PM +0530, Arushi Singhal wrote:
> > > This patch removes multiple assignments.
>
On Sat, Mar 25, 2017 at 06:19:47PM +0530, Arushi Singhal wrote:
> This patch removes multiple assignments.
> Done using coccinelle.
> @@
> identifier i1,i2;
> constant c;
> @@
> - i1=i2=c;
> + i1=c;
> + i2=c;
You have to explain why this is bad.
Hi Arushi,
On Sat, Mar 25, 2017 at 07:23:13PM +0530, Arushi Singhal wrote:
> diff --git a/net/netfilter/nf_conntrack_netlink.c
> b/net/netfilter/nf_conntrack_netlink.c
> index 6806b5e73567..aa344c5868c5 100644
> --- a/net/netfilter/nf_conntrack_netlink.c
> +++ b/net/netfilter/nf_conntrack_netlink
On Tue, Mar 21, 2017 at 02:14:34PM +0530, simran singhal wrote:
> This patch series clean up tests if NULL returned on failure.
$ git grep "== NULL" net/netfilter/ | wc -l
461
This is cleaning up just some of them, we still seem to have quite a
bit of them.
Main problem with this changes is that
On Tue, Mar 21, 2017 at 01:09:47AM +0100, Linus Lüssing wrote:
> On Sun, Mar 19, 2017 at 05:55:06PM +0100, Linus Lüssing wrote:
> > On Fri, Mar 17, 2017 at 02:10:44PM +0100, Pablo Neira Ayuso wrote:
> > > Wait.
> > >
> > > May this break local multicast l
On Mon, Mar 20, 2017 at 01:37:01PM +0100, Arnd Bergmann wrote:
> The refcount variable was accidentally introduced without any reference
> to it. Removing it again avoids this warning:
>
> net/netfilter/nfnetlink_acct.c: In function 'nfnl_acct_try_del':
> net/netfilter/nfnetlink_acct.c:329:15: err
Applied.
On Wed, Mar 15, 2017 at 11:06:05PM +0100, Pablo Neira Ayuso wrote:
> On Wed, Mar 15, 2017 at 10:16:19PM +0100, Linus Lüssing wrote:
> > On Wed, Mar 15, 2017 at 07:15:39PM +0100, Pablo Neira Ayuso wrote:
> > > Could you update ebtables dnat to check if the ethernet address
> &
On Thu, Mar 16, 2017 at 07:52:19AM +, Reshetova, Elena wrote:
>
> > On Wed, Mar 15, 2017 at 01:10:38PM +0200, Elena Reshetova wrote:
> > > This series, for the netfilter subsystem, replaces atomic_t reference
> > > counters with the new refcount_t type and API (see
> > > include/linux/refcoun
201 - 300 of 572 matches
Mail list logo